larger cover

Add To My Wish List

Register your product to gain access to bonus material or receive a coupon.

CCNA Security 210-260 Official Cert Guide Premium Edition and Practice Test

Premium Edition eBook

  • Your Price: $39.99
  • List Price: $49.99
  • About Premium Edition eBooks
  • The Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Tests. Click on the "Premium Edition" tab (on the left side of this page) to learn more about this product.

    Your purchase will deliver:

    • Link to download the enhanced Pearson IT Certification Practice Test exam engine
    • Access code for question database
    • eBook in the following formats, accessible from your Account page after purchase:

    ePub EPUB The open industry format known for its reflowable content and usability on supported mobile devices.

    MOBI MOBI The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.

    Adobe Reader PDF The popular standard, used most often with the free Adobe® Reader® software.

    The eBooks require no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.

    Watermarked eBook FAQ

    eBook Download Instructions

Also available in other formats.

  • Description
  • Sample Content
  • Updates
  • Copyright 2016
  • Dimensions: 7" x 9-1/8"
  • Pages: 700
  • Edition: 1st
  • Premium Edition eBook
  • ISBN-10: 0-13-407789-X
  • ISBN-13: 978-0-13-407789-5

CCNA Security 210-260 Official Cert Guide Premium Edition eBook and Practice Test
 
The exciting new CCNA Security 210-260 Official Cert Guide, Premium Edition eBook and Practice Test is a digital-only certification preparation product combining an eBook with enhanced Pearson IT Certification Practice Test. The Premium Edition eBook and Practice Test contains the following items:

--The CCNA Security 210-260 Premium Edition Practice Test, including four full practice exams and enhanced practice test features
--PDF and EPUB formats of the CCNA Security 210-260 Official Cert Guide from Cisco Press, which are accessible via your PC, tablet, and smartphone

About the Premium Edition Practice Test

This Premium Edition contains an enhanced version of the Pearson IT Certification Practice Test (PCPT) software with four full practice exams. In addition, it contains all the chapter-opening assessment questions from the book. This integrated learning package

--Enables you to focus on individual topic areas or take complete, timed exams
--Includes direct links from each question to detailed tutorials to help you understand the concepts behind the questions
--Provides unique sets of exam-realistic practice questions
--Tracks your performance and provides feedback on a module-by-module basis, laying out a complete assessment of your knowledge to help you focus your study where it is needed most

Pearson IT Certification Practice Test minimum system requirements:
Windows Vista (SP2), Windows 7, or Windows 8.1 (desktop UI only); Microsoft .NET Framework 4.5 Client; Pentium class 1GHz processor (or equivalent); 512MB RAM; 650MB hard disk space plus 50MB for each exam download; access to the Internet to register and download exam databases

About the Premium Edition eBook
CCNA Security 210-260 Official Cert Guide focuses specifically on the objectives for the Cisco CCNA Security 210-260 exam. Networking security experts Omar Santos and John Stuppi share preparation hints and test-taking tips, helping you identify areas of weakness and improve both your conceptual knowledge and hands-on skills. Material is presented in a concise manner, focusing on increasing your understanding and retention of exam topics.
 
CCNA Security 210-260 Official Cert Guide presents you with an organized test-preparation routine through the use of proven series elements and techniques. “Do I Know This Already?” quizzes open each chapter and enable you to decide how much time you need to spend on each section. Exam topic lists make referencing easy. Chapter-ending Exam Preparation Tasks help you drill on key concepts you must know thoroughly.
 
Well regarded for its level of detail, assessment features, and challenging review questions and exercises, this official study guide helps you master the concepts and techniques that will enable you to succeed on the exam the first time.
 
This official study guide helps you master all the topics on the CCNA Security exam, including
--Networking security concepts
--Common security threats
--Implementing AAA using IOS and ISE
--Bring Your Own Device (BYOD)
--Fundamentals of VPN technology and cryptography
--Fundamentals of IP security
--Implementing IPsec site-to-site VPNs
--Implementing SSL remote-access VPNs using Cisco ASA
--Securing Layer 2 technologies
--Network Foundation Protection (NFP)
--Securing the management plane on Cisco IOS devices
--Securing the data plane
--Securing routing protocols and the control plane
--Understanding firewall fundamentals
--Implementing Cisco IOS zone-based firewalls
--Configuring basic firewall policies on Cisco ASA
--Cisco IPS fundamentals
--Mitigation technologies for e-mail- and web-based threats
--Mitigation technology for endpoint threats

 

Table of Contents

Introduction xxvi
Part I Fundamentals of Network Security
Chapter 1 Networking Security Concepts 3
“Do I Know This Already?” Quiz 3
Foundation Topics 6
Understanding Network and Information Security Basics 6
    Network Security Objectives 6
    Confidentiality, Integrity, and Availability 6
    Cost-Benefit Analysis of Security 7
    Classifying Assets 8
    Classifying Vulnerabilities 10
    Classifying Countermeasures 10
    What Do We Do with the Risk? 11
Recognizing Current Network Threats 12
    Potential Attackers 12
    Attack Methods 13
    Attack Vectors 14
    Man-in-the-Middle Attacks 14
    Other Miscellaneous Attack Methods 15
Applying Fundamental Security Principles to Network Design 16
    Guidelines 16
    Network Topologies 17
    Network Security for a Virtual Environment 20
    How It All Fits Together 22
Exam Preparation Tasks 23
Review All the Key Topics 23
Complete the Tables and Lists from Memory 23
Define Key Terms 23
Chapter 2 Common Security Threats 25
“Do I Know This Already?” Quiz 25
Foundation Topics 27
Network Security Threat Landscape 27
Distributed Denial-of-Service Attacks 27
Social Engineering Methods 28
    Social Engineering Tactics 29
    Defenses Against Social Engineering 29
Malware Identification Tools 30
    Methods Available for Malware Identification 30
    Data Loss and Exfiltration Methods 31
Summary 32
Exam Preparation Tasks 33
Review All the Key Topics 33
Complete the Tables and Lists from Memory 33
Define Key Terms 33
Part II Secure Access
Chapter 3 Implementing AAA in Cisco IOS 35
“Do I Know This Already?” Quiz 35
Foundation Topics 38
Cisco Secure ACS, RADIUS, and TACACS 38
    Why Use Cisco ACS? 38
    On What Platform Does ACS Run? 38
    What Is ISE? 39
    Protocols Used Between the ACS and the Router 39
    Protocol Choices Between the ACS Server and the Client (the Router) 40
Configuring Routers to Interoperate with an ACS Server 41
Configuring the ACS Server to Interoperate with a Router 51
Verifying and Troubleshooting Router-to-ACS Server Interactions 60
Exam Preparation Tasks 67
Review All the Key Topics 67
Complete the Tables and Lists from Memory 67
Define Key Terms 67
Command Reference to Check Your Memory 67
Chapter 4 Bring Your Own Device (BYOD) 71
“Do I Know This Already?” Quiz 71
Foundation Topics 73
Bring Your Own Device Fundamentals 73
BYOD Architecture Framework 74
    BYOD Solution Components 74
Mobile Device Management 76
    MDM Deployment Options 76
        On-Premise MDM Deployment 77
        Cloud-Based MDM Deployment 78
Exam Preparation Tasks 80
Review All the Key Topics 80
Complete the Tables and Lists from Memory 80
Define Key Terms 80
Part III Virtual Private Networks (VPN)
Chapter 5 Fundamentals of VPN Technology and Cryptography 83
“Do I Know This Already?” Quiz 83
Foundation Topics 87
Understanding VPNs and Why We Use Them 87
    What Is a VPN? 87
    Types of VPNs 88
        Two Main Types of VPNs 88
    Main Benefits of VPNs 89
        Confidentiality 89
        Data Integrity 90
        Authentication 90
        Antireplay Protection 90
Cryptography Basic Components 91
    Ciphers and Keys 91
        Ciphers 91
        Keys 92
    Block and Stream Ciphers 92
        Block Ciphers 92
        Stream Ciphers 92
    Symmetric and Asymmetric Algorithms 92
        Symmetric 93
        Asymmetric 93
    Hashes 94
    Hashed Message Authentication Code 95
    Digital Signatures 95
        Digital Signatures in Action 95
    Key Management 96
        Next-Generation Encryption Protocols 97
    IPsec and SSL 97
        IPsec 97
        SSL 98
Public Key Infrastructure 99
    Public and Private Key Pairs 99
    RSA Algorithm, the Keys, and Digital Certificates 99
        Who Has Keys and a Digital Certificate? 100
        How Two Parties Exchange Public Keys 100
        Creating a Digital Signature 100
    Certificate Authorities 100
    Root and Identity Certificates 101
        Root Certificate 101
        Identity Certificate 102
        Using the Digital Certificates to Get the Peer’s Public Key 103
        X.500 and X.509v3 Certificates 103
    Authenticating and Enrolling with the CA 104
    Public Key Cryptography Standards 105
    Simple Certificate Enrollment Protocol 105
    Revoked Certificates 105
    Uses for Digital Certificates 106
    PKI Topologies 106
        Single Root CA 107
        Hierarchical CA with Subordinate CAs 107
        Cross-Certifying CAs 107
Putting the Pieces of PKI to Work 107
    ASA’s Default Certificate 108
    Viewing the Certificates in ASDM 108
    Adding a New Root Certificate 109
    Easier Method for Installing Both Root and Identity Certificates 111
Exam Preparation Tasks 116
Review All the Key Topics 116
Complete the Tables and Lists from Memory 117
Define Key Terms 117
Command Reference to Check Your Memory 117
Chapter 6 Fundamentals of IP Security 119
“Do I Know This Already?” Quiz 119
Foundation Topics 122
IPsec Concepts, Components, and Operations 122
    The Goal of IPsec 122
    The Internet Key Exchange (IKE) Protocol 123
    The Play by Play for IPsec 124
        Step 1: Negotiate the IKEv1 Phase 1 Tunnel 124
        Step 2: Run the DH Key Exchange 125
        Step 3: Authenticate the Peer 126
        What About the User’s Original Packet? 126
        Leveraging What They Have Already Built 126
        Now IPsec Can Protect the User’s Packets 127
        Traffic Before IPsec 127
        Traffic After IPsec 127
    Summary of the IPsec Story 128
Configuring and Verifying IPsec 129
    Tools to Configure the Tunnels 129
    Start with a Plan 129
    Applying the Configuration 129
    Viewing the CLI Equivalent at the Router 137
    Completing and Verifying IPsec 139
Exam Preparation Tasks 146
Review All the Key Topics 146
Complete the Tables and Lists from Memory 146
Define Key Terms 146
Command Reference to Check Your Memory 147
Chapter 7 Implementing IPsec Site-to-Site VPNs 149
“Do I Know This Already?” Quiz 149
Foundation Topics 152
Planning and Preparing an IPsec Site-to-Site VPN 152
    Customer Needs 152
    Planning IKEv1 Phase 1 154
    Planning IKEv1 Phase 2 154
Implementing and Verifying an IPsec Site-to-Site VPN in Cisco IOS Devices 155
    Troubleshooting IPsec Site-to-Site VPNs in Cisco IOS 164
Implementing and Verifying an IPsec Site-to-Site VPN in Cisco ASA 179
    Troubleshooting IPsec Site-to-Site VPNs in Cisco ASA 193
Exam Preparation Tasks 199
Review All the Key Topics 199
Complete the Tables and Lists from Memory 199
Define Key Terms 199
Command Reference to Check Your Memory 199
Chapter 8 Implementing SSL VPNs Using Cisco ASA 203
“Do I Know This Already?” Quiz 203
Foundation Topics 206
Functions and Use of SSL for VPNs 206
    Is IPsec Out of the Picture? 206
    SSL and TLS Protocol Framework 207
    The Play by Play of SSL for VPNs 207
    SSL VPN Flavors 208
Configuring Clientless SSL VPNs on ASA 209
    Using the SSL VPN Wizard 209
    Digital Certificates 211
    Accessing the Connection Profile 211
    Authenticating Users 211
    Logging In 215
    Seeing the VPN Activity from the Server 217
Using the Cisco AnyConnect Secure Mobility Client 217
    Types of SSL VPNs 218
    Configuring the Cisco ASA to Terminate the Cisco AnyConnect Secure Mobility Client Connections 218
    Groups, Connection Profiles, and Defaults 225
    One Item with Three Different Names 226
    Split Tunneling 227
Troubleshooting SSL VPN 228
    Troubleshooting SSL Negotiations 228
    Troubleshooting AnyConnect Client Issues 228
        Initial Connectivity Issues 228
        Traffic-Specific Issues 230
Exam Preparation Tasks 231
Review All the Key Topics 231
Complete the Tables and Lists from Memory 231
Define Key Terms 231
Part IV Secure Routing and Switching
Chapter 9 Securing Layer 2 Technologies 233
“Do I Know This Already?” Quiz 233
Foundation Topics 236
VLAN and Trunking Fundamentals 236
    What Is a VLAN? 236
    Trunking with 802.1Q 238
    Following the Frame, Step by Step 239
    The Native VLAN on a Trunk 239
    So, What Do You Want to Be? (Asks the Port) 239
    Inter-VLAN Routing 240
    The Challenge of Using Physical Interfaces Only 240
    Using Virtual “Sub” Interfaces 240
Spanning-Tree Fundamentals 241
    Loops in Networks Are Usually Bad 241
    The Life of a Loop 241
    The Solution to the Layer 2 Loop 242
    STP Is Wary of New Ports 245
    Improving the Time Until Forwarding 245
Common Layer 2 Threats and How to Mitigate Them 246
    Disrupt the Bottom of the Wall, and the Top Is Disrupted, Too 246
    Layer 2 Best Practices 246
    Do Not Allow Negotiations 247
    Layer 2 Security Toolkit 248
    Specific Layer 2 Mitigation for CCNA Security 248
        BPDU Guard 248
        Root Guard 249
        Port Security 250
CDP and LLDP 251
DHCP Snooping 253
Dynamic ARP Inspection 254
Exam Preparation Tasks 257
Review All the Key Topics 257
Complete the Tables and Lists from Memory 258
Review the Port Security Video Included with This Book 258
Define Key Terms 258
Command Reference to Check Your Memory 258
Chapter 10 Network Foundation Protection 261
“Do I Know This Already?” Quiz 261
Foundation Topics 264
Using Network Foundation Protection to Secure Networks 264
    The Importance of the Network Infrastructure 264
    The Network Foundation Protection Framework 264
    Interdependence 265
    Implementing NFP 265
Understanding the Management Plane 266
    First Things First 266
    Best Practices for Securing the Management Plane 267
Understanding the Control Plane 268
    Best Practices for Securing the Control Plane 268
Understanding the Data Plane 270
    Best Practices for Protecting the Data Plane 271
    Additional Data Plane Protection Mechanisms 271
Exam Preparation Tasks 272
Review All the Key Topics 272
Complete the Tables and Lists from Memory 272
Define Key Terms 272
Chapter 11 Securing the Management Plane on Cisco IOS Devices 275
“Do I Know This Already?” Quiz 275
Foundation Topics 278
Securing Management Traffic 278
    What Is Management Traffic and the Management Plane? 278
    Beyond the Blue Rollover Cable 278
    Management Plane Best Practices 278
    Password Recommendations 281
    Using AAA to Verify Users 281
        AAA Components 282
        Options for Storing Usernames, Passwords, and Access Rules 282
        Authorizing VPN Users 283
        Router Access Authentication 284
        The AAA Method List 285
    Role-Based Access Control 286
        Custom Privilege Levels 287
        Limiting the Administrator by Assigning a View 287
    Encrypted Management Protocols 287
    Using Logging Files 288
    Understanding NTP 289
    Protecting Cisco IOS Files 289
Implementing Security Measures to Protect the Management Plane 290
    Implementing Strong Passwords 290
    User Authentication with AAA 292
    Using the CLI to Troubleshoot AAA for Cisco Routers 296
    RBAC Privilege Level/Parser View 301
    Implementing Parser Views 303
    SSH and HTTPS 305
    Implementing Logging Features 308
        Configuring Syslog Support 308
    SNMP Features 310
    Configuring NTP 313
    Secure Copy Protocol 315
    Securing the Cisco IOS Image and Configuration Files 315
Exam Preparation Tasks 317
Review All the Key Topics 317
Complete the Tables and Lists from Memory 318
Define Key Terms 318
Command Reference to Check Your Memory 318
Chapter 12 Securing the Data Plane in IPv6 321
“Do I Know This Already?” Quiz 321
Foundation Topics 324
Understanding and Configuring IPv6 324
    Why IPv6? 324
    The Format of an IPv6 Address 325
        Understanding the Shortcuts 327
        Did We Get an Extra Address? 327
        IPv6 Address Types 327
Configuring IPv6 Routing 330
    Moving to IPv6 331
Developing a Security Plan for IPv6 332
    Best Practices Common to Both IPv4 and IPv6 332
    Threats Common to Both IPv4 and IPv6 333
    The Focus on IPv6 Security 334
    New Potential Risks with IPv6 334
    IPv6 Best Practices 336
    IPv6 Access Control Lists 337
Exam Preparation Tasks 338
Review All the Key Topics 338
Complete the Tables and Lists from Memory 338
Define Key Terms 338
Command Reference to Check Your Memory 338
Chapter 13 Securing Routing Protocols and the Control Plane 341
“Do I Know This Already?” Quiz 341
Foundation Topics 344
Securing the Control Plane 344
    Minimizing the Impact of Control Plane Traffic on the CPU 344
Control Plane Policing 346
    Control Plane Protection 348
Securing Routing Protocols 348
    Implement Routing Update Authentication on OSPF 348
    Implement Routing Update Authentication on EIGRP 349
    Implement Routing Update Authentication on RIP 350
    Implement Routing Update Authentication on BGP 351
Exam Preparation Tasks 353
Review All the Key Topics 353
Complete the Tables and Lists from Memory 353
Define Key Terms 353
Part V Cisco Firewall Technologies and Intrusion Prevention System Technologies
Chapter 14 Understanding Firewall Fundamentals 355
“Do I Know This Already?” Quiz 355
Foundation Topics 358
Firewall Concepts and Technologies 358
    Firewall Technologies 358
    Objectives of a Good Firewall 358
    Firewall Justifications 359
    The Defense-in-Depth Approach 360
    Firewall Methodologies 361
        Static Packet Filtering 362
        Application Layer Gateway 363
        Stateful Packet Filtering 363
        Application Inspection 364
        Transparent Firewalls 365
        Next-Generation Firewalls 365
Using Network Address Translation 366
    NAT Is About Hiding or Changing the Truth About Source Addresses 366
    Inside, Outside, Local, Global 367
    Port Address Translation 368
    NAT Options 369
Creating and Deploying Firewalls 370
    Firewall Technologies 370
    Firewall Design Considerations 370
    Firewall Access Rules 371
    Packet-Filtering Access Rule Structure 372
    Firewall Rule Design Guidelines 372
    Rule Implementation Consistency 373
Exam Preparation Tasks 375
Review All the Key Topics 375
Complete the Tables and Lists from Memory 375
Define Key Terms 375
Chapter 15 Implementing Cisco IOS Zone-Based Firewalls 377
“Do I Know This Already?” Quiz 377
Foundation Topics 379
Cisco IOS Zone-Based Firewalls 379
    How Zone-Based Firewall Operates 379
    Specific Features of Zone-Based Firewalls 379
    Zones and Why We Need Pairs of Them 380
    Putting the Pieces Together 381
    Service Policies 382
    The Self Zone 384
Configuring and Verifying Cisco IOS Zone-Based Firewalls 385
    First Things First 385
    Using CCP to Configure the Firewall 386
    Verifying the Firewall 399
    Verifying the Configuration from the Command Line 400
    Implementing NAT in Addition to ZBF 404
    Verifying Whether NAT Is Working 407
Exam Preparation Tasks 409
Review All the Key Topics 409
Complete the Tables and Lists from Memory 409
Define Key Terms 409
Command Reference to Check Your Memory 409
Chapter 16 Configuring Basic Firewall Policies on Cisco ASA 413
“Do I Know This Already?” Quiz 413
Foundation Topics 416
The ASA Appliance Family and Features 416
    Meet the ASA Family 416
    ASA Features and Services 417
ASA Firewall Fundamentals 419
    ASA Security Levels 419
    The Default Flow of Traffic 420
    Tools to Manage the ASA 422
    Initial Access 422
    Packet Filtering on the ASA 422
    Implementing a Packet-Filtering ACL 423
    Modular Policy Framework 424
    Where to Apply a Policy 425
Configuring the ASA 425
    Beginning the Configuration 425
    Getting to the ASDM GUI 433
    Configuring the Interfaces 435
    IP Addresses for Clients 443
    Basic Routing to the Internet 444
    NAT and PAT 445
    Permitting Additional Access Through the Firewall 447
    Using Packet Tracer to Verify Which Packets Are Allowed 449
    Verifying the Policy of No Telnet 453
Exam Preparation Tasks 454
Review All the Key Topics 454
Complete the Tables and Lists from Memory 454
Define Key Terms 454
Command Reference to Check Your Memory 455
Chapter 17 Cisco IDS/IPS Fundamentals 457
“Do I Know This Already?” Quiz 457
Foundation Topics 460
IPS Versus IDS 460
    What Sensors Do 460
    Difference Between IPS and IDS 460
    Sensor Platforms 462
    True/False Negatives/Positives 463
    Positive/Negative Terminology 463
Identifying Malicious Traffic on the Network 463
    Signature-Based IPS/IDS 464
    Policy-Based IPS/IDS 464
    Anomaly-Based IPS/IDS 464
    Reputation-Based IPS/IDS 464
    When Sensors Detect Malicious Traffic 465
    Controlling Which Actions the Sensors Should Take 467
    Implementing Actions Based on the Risk Rating 468
    Circumventing an IPS/IDS 468
Managing Signatures 469
    Signature or Severity Levels 470
Monitoring and Managing Alarms and Alerts 471
    Security Intelligence 471
    IPS/IDS Best Practices 472
Cisco Next-Generation IPS Solutions 472
Exam Preparation Tasks 474
Review All the Key Topics 474
Complete the Tables and Lists from Memory 474
Define Key Terms 474
Part VI Content and Endpoint Security
Chapter 18 Mitigation Technologies for E-mail-Based and Web-Based Threats 477
“Do I Know This Already?” Quiz 477
Foundation Topics 479
Mitigation Technology for E-mail-Based Threats 479
    E-mail-Based Threats 479
    Cisco Cloud E-mail Security 479
    Cisco Hybrid E-mail Security 480
    Cisco E-mail Security Appliance 480
    Cisco ESA Initial Configuration 483
Mitigation Technology for Web-Based Threats 486
    Cisco CWS 486
    Cisco WSA 487
Cisco Content Security Management Appliance 491
Exam Preparation Tasks 493
Review All the Key Topics 493
Complete the Tables and Lists from Memory 493
Define Key Terms 493
Command Reference to Check Your Memory 493
Chapter 19 Mitigation Technologies for Endpoint Threats 495
“Do I Know This Already?” Quiz 495
Foundation Topics 497
Antivirus and Antimalware Solutions 497
Personal Firewalls and Host Intrusion Prevention Systems 498
Advanced Malware Protection for Endpoints 499
Hardware and Software Encryption of Endpoint Data 500
    E-mail Encryption 500
    Encrypting Endpoint Data at Rest 501
    Virtual Private Networks 501
Exam Preparation Tasks 503
Review All the Key Topics 503
Complete the Tables and Lists from Memory 503
Define Key Terms 503
Part VII Final Preparation
Chapter 20 Final Preparation 505
Tools for Final Preparation 505
Exam Engine and Questions on the CD 505
    Install the Exam Engine 505
    Activate and Download the Practice Exam 506
    Activating Other Exams 506
    Premium Edition 506
The Cisco Learning Network 507
Memory Tables 507
Chapter-Ending Review Tools 507
Study Plan 507
Recall the Facts 507
Practice Configurations 508
Using the Exam Engine 508
Part VIII Appendixes
Appendix A Answers to the “Do I Know This Already?” Quizzes 511
Appendix B CCNA Security 210-260 (IINS) Exam Updates 517
Glossary 521

On the CD
Glossary
Appendix C Memory Tables
Appendix D Memory Tables Answer Key
Appendix E Study Planner

9781587205668   TOC   8/14/2015

Unlimited one-month access with your purchase
Free Safari Membership